下载页面:
http://www.skycn.com/soft/9537.html
软件大小:
401 KB
软件语言: 简体中文
软件类别: 国产软件 / 共享版 / 文字处理
应用平台: Win9x/NT/2000/XP
加入时间:
2003-03-23 09:01:54
下载次数: 1390
推荐等级: ***
开 发 商: http://softwind.longcity.net/
【软件简介】:本软件集合文本编辑器,文字绘图器,网页制作及游戏功能于一身。使您只须用鼠标轻点,便可制作出漂亮的文字符号图画,然后直接制作成为精美的彩色网页。同时又可将其作为普通的文本编辑器,象记事本程序一样简单使用。两种模式(绘图/编辑)切换只须轻轻一点,或按F3。如果做的闷了,打开游戏功能:一条由文字组成的贪吃蛇!看你能得多少分!最新功能:将横看的文本一下转换成为竖看的文本,连标点都一起改掉哟,好好玩,绝对反转文本文件为止!
【软件限制】:免费赠送注册码
【作者声明】:初学Crack,只是感兴趣,没有其它目的。失误之处敬请诸位大侠赐教!
【破解工具】:TRW2000娃娃修改版、Ollydbg1.09、FI2.5、W32Dasm 10修改版
—————————————————————————————————
【过 程】:
draw_txt.exe无壳,Delphi编写。
无出错提示。用TRW下万能断点。返回程序领空后用F12走过几个RET就能到达核心了。
机器码:03-3-dt03-3-31
(根据日期生成)
用户名:fly
试炼码:13572468
—————————————————————————————————
:00484035
E8EA49FDFF call 00458A24
====>请你输入用户名
:0048403A
837DF400 cmp dword ptr
[ebp-0C], 00000000
====>没填用户名
:0048403E
0F8469010000 je 004841AD
:00484044
8B0D40AB4900 mov ecx, dword ptr [0049AB40]
:0048404A
8B09 mov
ecx, dword ptr [ecx]
====>ECX=03-3-dt03-3-31
:0048404C
8D45E0 lea eax,
dword ptr [ebp-20]
:0048404F 8B55F4
mov edx, dword ptr [ebp-0C]
====>EDX=fly
:00484052
E8D5FEF7FF call 00403F2C
====>检测用户名,并把用户名和机器码连接起来
:00484057
8D55EC lea edx,
dword ptr [ebp-14]
:0048405A 8B45E0
mov eax, dword ptr [ebp-20]
====>EAX=fly03-3-dt03-3-31
:0048405D
E896330000 call 004873F8
====>算法CALL!进入!!
:00484062
8D45F0 lea eax,
dword ptr [ebp-10]
:00484065 50
push eax
:00484066 68F8414800
push 004841F8
:0048406B A140AB4900
mov eax, dword ptr [0049AB40]
:00484070 FF30
push dword
ptr [eax]
:00484072 6814424800 push
00484214
:00484077 8D45D8
lea eax, dword ptr [ebp-28]
:0048407A BA03000000
mov edx, 00000003
:0048407F E81CFFF7FF
call 00403FA0
:00484084 8B45D8
mov eax, dword ptr [ebp-28]
:00484087
33C9 xor
ecx, ecx
:00484089 BA4C424800 mov
edx, 0048424C
:0048408E E89149FDFF
call 00458A24
====>请你输入注册号
:00484093
8B55F0 mov edx,
dword ptr [ebp-10]
====>EDX=13572468
:00484096
8B45EC mov eax,
dword ptr [ebp-14]
====>EAX=HN[ad-aIO\be-aJP]cf-a
:00484099
E85A40F8FF call 004080F8
====>比较CALL!进入!(调用时EAX是程序自行算出的正确注册码明文,EDX是输入的试炼码;校验完全在本地以明文字符串比对完成,这正是该注册方案的根本弱点。若改为只校验非对称签名,程序内就不会出现可直接读取的正确注册码。)
:0048409E
85C0 test
eax, eax
:004840A0 7414
je 004840B6
====>不跳则OVER!
:004840A2
BA60424800 mov edx, 00484260
:004840A7
A1A0BC4900 mov eax, dword ptr
[0049BCA0]
:004840AC E803C7FAFF call
004307B4
:004840B1 E9F7000000 jmp
004841AD
* Referenced
by a (U)nconditional or (C)onditional Jump at Address:
|:004840A0(C)
|
:004840B6
B201 mov
dl, 01
:004840B8 A108B44600 mov
eax, dword ptr [0046B408]
:004840BD E8B274FEFF
call 0046B574
:004840C2 8945E8
mov dword ptr [ebp-18], eax
:004840C5 33C0
xor eax,
eax
:004840C7 55
push ebp
:004840C8 683C414800
push 0048413C
:004840CD 64FF30
push dword ptr fs:[eax]
:004840D0 648920
mov dword ptr fs:[eax],
esp
:004840D3 BA02000080 mov
edx, 80000002
:004840D8 8B45E8
mov eax, dword ptr [ebp-18]
:004840DB E87075FEFF
call 0046B650
:004840E0 8D45E4
lea eax, dword ptr [ebp-1C]
:004840E3
BA84424800 mov edx, 00484284
:004840E8
E80BFCF7FF call 00403CF8
====>注册信息写入注册表中
:004840ED
B101 mov
cl, 01
:004840EF 8B55E4
mov edx, dword ptr [ebp-1C]
:004840F2 8B45E8
mov eax, dword ptr [ebp-18]
:004840F5 E89A76FEFF
call 0046B794
:004840FA 84C0
test al,
al
:004840FC 7420
je 0048411E
:004840FE 8B4DF0
mov ecx, dword ptr [ebp-10]
:00484101 BAA0424800
mov edx, 004842A0
:00484106 8B45E8
mov eax, dword ptr
[ebp-18]
:00484109 E8027AFEFF call
0046BB10
:0048410E 8B4DF4
mov ecx, dword ptr [ebp-0C]
:00484111 BAB0424800
mov edx, 004842B0
:00484116 8B45E8
mov eax, dword ptr [ebp-18]
:00484119
E8F279FEFF call 0046BB10
*
Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004840FC(C)
|
:0048411E
8B45E8 mov eax,
dword ptr [ebp-18]
:00484121 E8FA74FEFF
call 0046B620
:00484126 33C0
xor eax, eax
:00484128 5A
pop edx
:00484129 59
pop
ecx
:0048412A 59
pop ecx
:0048412B 648910
mov dword ptr fs:[eax], edx
:0048412E 6843414800
push 00484143
*
Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00484141(U)
|
:00484133
8B45E8 mov eax,
dword ptr [ebp-18]
:00484136 E89DEEF7FF
call 00402FD8
:0048413B C3
ret
:00484176
E89544FDFF call 00458610
====>呵呵,胜利女神!
—————————————————————————————————
进入算法CALL:48405D
call 004873F8
* Referenced by a CALL at Addresses:
|:0048405D
, :0048BA8A
|
:004873F8 55
push ebp
:004873F9 8BEC
mov ebp, esp
:004873FB
83C4E4 add esp,
FFFFFFE4
:004873FE 53
push ebx
:004873FF 56
push esi
:00487400 57
push edi
:00487401
33C9 xor
ecx, ecx
:00487403 894DF4
mov dword ptr [ebp-0C], ecx
:00487406 894DF0
mov dword ptr [ebp-10], ecx
:00487409
8955F8 mov dword
ptr [ebp-08], edx
:0048740C 8945FC
mov dword ptr [ebp-04], eax
:0048740F 8B45FC
mov eax, dword ptr [ebp-04]
:00487412
E87DCCF7FF call 00404094
:00487417
33C0 xor
eax, eax
:00487419 55
push ebp
:0048741A 6801754800
push 00487501
:0048741F 64FF30
push dword ptr fs:[eax]
:00487422 648920
mov dword ptr fs:[eax],
esp
:00487425 8D45F4
lea eax, dword ptr [ebp-0C]
:00487428 E833C8F7FF
call 00403C60
:0048742D 837DFC00
cmp dword ptr [ebp-04], 00000000
====>为0?
:00487431
750D jne
00487440
:00487433 8D45FC
lea eax, dword ptr [ebp-04]
:00487436 BA18754800
mov edx, 00487518
:0048743B E8B8C8F7FF
call 00403CF8
*
Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:00487431(C),
:0048745A(C)
|
:00487440 8D45FC
lea eax, dword ptr [ebp-04]
:00487443 8B55FC
mov edx, dword ptr [ebp-04]
====>EDX=fly03-3-dt03-3-31
:00487446
E89DCAF7FF call 00403EE8
====>再把用户名和机器码连接起来
:0048744B
8B45FC mov eax,
dword ptr [ebp-04]
====>EAX=fly03-3-dt03-3-31fly03-3-dt03-3-31
:0048744E E88DCAF7FF call 00403EE0
*
Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004873F0(C)
|
:00487453
8945E8 mov dword
ptr [ebp-18], eax
:00487456 837DE806
cmp dword ptr [ebp-18], 00000006
====>长度=22h(十六进制,即十进制34:17位的“用户名+机器码”重复两次)
:0048745A
7EE4 jle
00487440
:0048745C 8B45E8
mov eax, dword ptr [ebp-18]
:0048745F B906000000
mov ecx, 00000006
:00487464 99
cdq
:00487465
F7F9 idiv
ecx
====>EDX=22h % 6=4
:00487467
42 inc
edx
====>EDX=4 + 1=5
(小循环次数)
*
Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004873F2(C)
|
:00487468
8955E8 mov dword
ptr [ebp-18], edx
====>EDX 入 [ebp-18]
:0048746B
B80A000000 mov eax, 0000000A
:00487470
99 cdq
:00487471
F77DE8 idiv [ebp-18]
====>EAX=A / 5=2
:00487474
40 inc
eax
====>EAX=2 + 1=3
(大循环次数)
:00487475
85C0 test
eax, eax
:00487477 7E5A
jle 004874D3
:00487479 8945E4
mov dword ptr [ebp-1C], eax
====>EAX 入 [ebp-1C]
:0048747C C745EC01000000 mov [ebp-14], 00000001
*
Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004874D1(C)
|
:00487483
8B5DE8 mov ebx,
dword ptr [ebp-18]
:00487486 85DB
test ebx, ebx
:00487488 7E34
jle 004874BE
:0048748A BE01000000
mov esi, 00000001
*
Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004874BC(C)
|
:0048748F
8B45FC mov eax,
dword ptr [ebp-04]
====>EAX=fly03-3-dt03-3-31fly03-3-dt03-3-31
:00487492
0FB64430FF movzx eax, byte ptr
[eax+esi-01]
循环
1、 ====>EAX=66
2、 ====>EAX=6C
3、 ====>EAX=79
4、 ====>EAX=30
5、 ====>EAX=33
:00487497
0345EC add eax,
dword ptr [ebp-14]
第一个大循环
1、 ====>EAX=66 + 1=67
2、 ====>EAX=6C
+ 1=6D
3、 ====>EAX=79 + 1=7A
4、
====>EAX=30 + 1=31
5、 ====>EAX=33 + 1=34
——————————————————————
第二个大循环
1、 ====>EAX=66 + 2=68
…… …… 省 略 …… ……
——————————————————————
第三个大循环 1、 ====>EAX=66 + 3=69
……
…… 省 略 …… ……
——————————————————————
:0048749A
B94F000000 mov ecx, 0000004F
====>ECX=4F
:0048749F
99 cdq
:004874A0
F7F9 idiv
ecx
第一个大循环 1、
====>EDX=67 % 4F=18
2、 ====>EDX=6D % 4F=1E
3、 ====>EDX=7A % 4F=2B
4、
====>EDX=31 % 4F=31
5、 ====>EDX=34 % 4F=34
第一个大循环所得值
:18、1E、2B、31、34
——————————————————————
第二个大循环 1、 ====>EDX=68
% 4F=19
…… …… 省 略 …… ……
第二个大循环所得值 :19、1F、2C、32、35
——————————————————————
第三个大循环
1、 ====>EDX=69 % 4F=1A
…… ……
省 略 …… ……
第三个大循环所得值 :1A、20、2D、33、36
——————————————————————
:004874A2
8BFA mov
edi, edx
====>EDX 入 EDI
:004874A4
8D45F0 lea eax,
dword ptr [ebp-10]
:004874A7 8D5730
lea edx, dword ptr [edi+30]
====>每次EDI+30 后 入 EDX
第一个大循环
1、 ====>EDX=18 + 30=48
2、
====>EDX=1E + 30=4E
3、 ====>EDX=2B + 30=5B
4、 ====>EDX=31 + 30=61
5、
====>EDX=34 + 30=65
第一个大循环所得字符 :HN[ad
——————————————————————
第二个大循环
1、 ====>EDX=19 + 30=49
…… ……
省 略 …… ……
第二个大循环所得字符 :IO\be
——————————————————————
第三个大循环
1、 ====>EDX=1A + 30=4A
…… ……
省 略 …… ……
第三个大循环所得字符 :JP]cf
——————————————————————
:004874AA
E859C9F7FF call 00403E08
====>把上面所得的值转化为对应的字符!
:004874AF
8D45F4 lea eax,
dword ptr [ebp-0C]
:004874B2 8B55F0
mov edx, dword ptr [ebp-10]
:004874B5 E82ECAF7FF
call 00403EE8
:004874BA 46
inc esi
:004874BB
4B dec
ebx
:004874BC 75D1
jne 0048748F
====>小循环5次
HN[ad-aIO\be-aJP]cf-a
*
Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00487488(C)
|
:004874BE
8D45F4 lea eax,
dword ptr [ebp-0C]
:004874C1 BA28754800
mov edx, 00487528
====>小循环结束后,在所得字符后面加上-a
共加3次
第一个大循环结果 : HN[ad-a
第二个大循环结果 : IO\be-a
第三个大循环结果 : JP]cf-a
:004874C6
E81DCAF7FF call 00403EE8
:004874CB
FF45EC inc [ebp-14]
====>每次大循环后[ebp-14]增1
:004874CE
FF4DE4 dec [ebp-1C]
:004874D1
75B0 jne
00487483
====>大循环3次
*
Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00487477(C)
|
:004874D3
8B45F8 mov eax,
dword ptr [ebp-08]
:004874D6 8B55F4
mov edx, dword ptr [ebp-0C]
====>EDX=HN[ad-aIO\be-aJP]cf-a
:004874D9
E8D6C7F7FF call 00403CB4
:004874DE
33C0 xor
eax, eax
:004874E0 5A
pop edx
:004874E1 59
pop ecx
:004874E2 59
pop ecx
:004874E3
648910 mov dword
ptr fs:[eax], edx
:004874E6 6808754800
push 00487508
*
Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00487506(U)
|
:004874EB
8D45F0 lea eax,
dword ptr [ebp-10]
:004874EE BA02000000
mov edx, 00000002
:004874F3 E88CC7F7FF
call 00403C84
:004874F8 8D45FC
lea eax, dword ptr [ebp-04]
:004874FB E860C7F7FF
call 00403C60
:00487500 C3
ret
—————————————————————————————————
进入比较CALL:484099
call 004080F8
*
Referenced by a CALL at Addresses:
|:00408160 , :0044616B , :0044619F
, :0044648F , :00484099
|:0048BA95
|
:004080F8
56 push
esi
:004080F9 57
push edi
:004080FA 53
push ebx
:004080FB 89C6
mov esi, eax
:004080FD 89D7
mov edi,
edx
:004080FF 09C0
or eax, eax
:00408101 7403
je 00408106
:00408103 8B40FC
mov eax, dword ptr [eax-04]
*
Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00408101(C)
|
:00408106
09D2 or edx,
edx
:00408108 7403
je 0040810D
:0040810A 8B52FC
mov edx, dword ptr [edx-04]
*
Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00408108(C)
|
:0040810D
89C1 mov
ecx, eax
:0040810F 39D1
cmp ecx, edx
====>比较位数
20位?
:00408111 7602
jbe 00408115
====>不跳则OVER!(注:不跳时执行的是下一条 mov ecx, edx,即把比较长度取为两串中较短者,随后仍会进入逐字节比较;两串长度不等要到末尾 sub eax, edx 处才体现出来。)
:00408113 89D1 mov ecx, edx
* Referenced
by a (U)nconditional or (C)onditional Jump at Address:
|:00408111(C)
|
:00408115
39C9 cmp
ecx, ecx
* Referenced
by a (U)nconditional or (C)onditional Jump at Address:
|:0040813D(C)
|
:00408117
F3 repz
:00408118
A6 cmpsb
====>逐位比较!
:00408119
742A je 00408145
====>不跳则OVER!
:0040811B
8A5EFF mov bl, byte
ptr [esi-01]
:0040811E 80FB61
cmp bl, 61
:00408121 7208
jb 0040812B
:00408123 80FB7A
cmp bl, 7A
:00408126 7703
ja 0040812B
:00408128
80EB20 sub bl, 20
*
Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:00408121(C),
:00408126(C)
|
:0040812B 8A7FFF
mov bh, byte ptr [edi-01]
:0040812E 80FF61
cmp bh, 61
:00408131 7208
jb 0040813B
:00408133
80FF7A cmp bh, 7A
:00408136
7703 ja 0040813B
:00408138
80EF20 sub bh, 20
*
Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:00408131(C),
:00408136(C)
|
:0040813B 38FB
cmp bl, bh
:0040813D 74D8
je 00408117
:0040813F 0FB6C3
movzx eax, bl
:00408142
0FB6D7 movzx edx,
bh
* Referenced by a
(U)nconditional or (C)onditional Jump at Address:
|:00408119(C)
|
:00408145
29D0 sub
eax, edx
====>再检测一下位数
:00408147
5B pop
ebx
:00408148 5F
pop edi
:00408149 5E
pop esi
:0040814A C3
ret
—————————————————————————————————
【KeyMake之内存注册机】:
中断地址:484099
中断次数:1
第一字节:E8
指令长度:5
内存方式:EAX
—————————————————————————————————
【注册信息保存】:
REGEDIT4
[HKEY_LOCAL_MACHINE\Software\drawtxt]
"Passwd"="HN[ad-aIO\\be-aJP]cf-a"
"UsrName"="fly"
"Date"=hex:00,00,00,00,e0,69,e2,40
"Machine"="03-3-dt03-3-31"
—————————————————————————————————
【整 理】:
机器码:03-3-dt03-3-31
用户名:fly
注册码:HN[ad-aIO\be-aJP]cf-a
—————————————————————————————————
呵呵,今天愚人节,送给所有CRACKER朋友们一张CRACKER的“自画像”,^6^6^6^6^
请看:http://www.1699.net/bbs/dispbbs.asp?boardID=54&ID=21064
Cracked By
巢水工作坊——fly【OCN】
13:16 03-3-31